#1 - Threat Hunter

The thrill of the hunt! You never encounter the same crime twice!

Job Description

This expert analyzes how intruders breached the infrastructure in order to identify additional systems/networks that have been compromised. Investigating traces left by complex attacks requires a forensic expert who is not only proficient in the latest forensic, response, and reverse engineering skills, but is astute in the latest exploit methodologies.

SANS Courses Recommended

Why It's Cool

"Incident response and threat hunting teams are the keys to identifying and observing malware indicators and patterns of activity in order to generate accurate threat intelligence that can be used to detect current and future intrusions."

How It Makes a Difference

"You are what stands between your organization and the hackers/malware out there."

"Over the past two years, organizations that incorporate Threat Hunting capabilities into their operations have reduced intrusion-to-detection time to weeks instead of months. Combining endpoint & network analysis skills with threat Intelligence is the key differentiator in successful Hunts."

#2 - System, Network, and/or Web Penetration Tester

Be a hacker, but do it legally and break things in order to help outsmart the bad guys!

Job Description

This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources.

SANS Courses Recommended

Why It's Cool

"You get to help make security better by thinking and acting like the bad guys."

"There's nothing like gaining access to something that everyone said was secure, but due to your skills and creative problem solving you were able to break in and find a vulnerability which can now be fixed."

How It Makes a Difference

"You're the one who figures out if something is truly secure. You get to spend your time breaking, tinkering with, outsmarting, and manipulating every single layer of security to see where the exploitable vulnerabilities exist so that they can be mitigated before the bad guys get their hands on them. Ethical Hacking/Penetration Testing is a noble professional that is needed more than ever."

#10 - CISO/ISO or Director of Security

Leading security operations is still the biggest and coolest job in infosec

Job Description

Today's Chief Information Security Officers are no longer defined the way they used to be. While still technologists, today's CISO/ISO's must have business acumen, communication skills, and process-oriented thinking. They need to connect legal, regulatory, and local organizational requirements with risk taking, financial constraints and technological adoption.

Why It's Cool

"These people get to decide where to build the "watch towers", how many rangers are stationed in the park, where fires can be safely built, and the rules of engagement."

How It Makes a Difference

"You have the creative direction to influence and directly contribute to the overall security of an organization. You are the senior security player, the only one whom the CEO will trust."

"This position usually reports at a very high level, and gets to see and influence the big picture. You work with physical security, IT, the businesses, even the FBI and other law enforcement agencies."

"This position usually reports at a very high level, and gets to see and influence the big picture. You work with physical security, IT, the businesses, even the FBI and other law enforcement agencies."

"You are da Boss. You can pick and choose who does what, what gets done, and motivate and then share the credit with your people. You make a real impact on a daily basis."

#14 - Secure Software Developer

A cool title, because this is VERY rare.

Job Description

The security-aware software developer leads all developers in the creation of secure software, implementing secure programming techniques that are free from logical design and technical implementation flaws. This expert is ultimately responsible for ensuring customer software is free from vulnerabilities that can be exploited by an attacker.

Why It's Cool

"You get to make something that actually runs and does something (and won’t break under pressure)."

"These guys are the senior developers by virtue of their programming prowess."

How It Makes a Difference

"No security architecture or policy can compensate for poorly written, buggy, insecure software. If one pays the necessary attention to security when a product is initially developed, one doesn't need to go back and add security later on."

"This is where the rubber meets the road. These are the people making a difference where it really matters...in the software that runs the world."